Detections
Analytics
RHEL-10-300070 - RHEL 10 must use FIPS 140-3-approved cryptographic algorithms for IP tunnels.
Information
Overriding the systemwide cryptographic policy makes the behavior of the Libreswan service violate expectations and makes system configuration more fragmented.Solution
Configure RHEL 10 so that Libreswan uses the systemwide cryptographic policy.Add the following line to "/etc/ipsec.conf":
include /etc/crypto-policies/back-ends/libreswan.config
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_10_V1R1_STIG.zip
Item Details
Audit Name: DISA Red Hat Enterprise Linux 10 STIG v1r1
Category: ACCESS CONTROL
References: 800-53|AC-17(2), CAT|I, CCI|CCI-000068, Rule-ID|SV-281014r1165397_rule, STIG-ID|RHEL-10-300070, Vuln-ID|V-281014
Plugin: Unix
Control ID: d99c9c5ced7bc39978e5475026d49cbbe56e2122e960ac5a4913d6e596f37091